> If Red Hat wants to deep-throat Microsoft, that's *your* issue. That> has nothing what-so-ever to do with the kernel I maintain. It's> trivial for you guys to have a signing machine that parses the PE> binary, verifies the signatures, and signs the resulting keys with> your own key. You already wrote the code, for chissake, it's in that> f*cking pull request.

There's one significant practical awkwardness, which is that it makes key revocation a multi-step process - the blacklisted hash is going to be for the PE and not the key itself. I guess the original hash could be stuffed in some metadata in the key, but urgh.

Vendors want to ship keys that have been signed by a trusted party. Right now the only one that fits the bill is Microsoft, because apparently the only thing vendors love more than shitty firmware is following Microsoft specs. The equivalent isn't just Red Hat (or anyone else) programmatically re-signing those keys, it's re-signing those keys with a key that's trusted by the upstream kernel. Would you be willing to carry a default trusted key if some sucker/upstanding and trustworthy member of society hosted a re-signing service? Or should we just assume that anyone who wants to ship external modules is a fucking idiot and deserves to be miserable?

(I mean, *I'm* fine with the idea that they're fucking idiots and deserve to be miserable, but apparently there's people who think this is a vital part of a business model)